Re: [DNSOP] Authoritative servers announcing capabilities

John Levine <johnl@taugh.com> Sat, 12 September 2020 19:39 UTC

Date: Sat, 12 Sep 2020 19:39:01 -0000
Message-ID: <rjj84l$vnf$1@gal.iecc.com>
From: John Levine <johnl@taugh.com>
To: dnsop@ietf.org
Organization: Taughannock Networks
References: <20200912013402.GB703318@mycre.ws> <3AEBFFCA-4189-47A3-BFBB-7CE8554DD352@nohats.ca>
In-Reply-To: <20200912013402.GB703318@mycre.ws> <3AEBFFCA-4189-47A3-BFBB-7CE8554DD352@nohats.ca>
Cleverness: some
X-Newsreader: trn 4.0-test77 (Sep 1, 2010)
Originator: johnl@iecc.com (John Levine)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/KVOq7QUKhNcPPRuoYcm3rnQaA88>
Subject: Re: [DNSOP] Authoritative servers announcing capabilities

In article <3AEBFFCA-4189-47A3-BFBB-7CE8554DD352@nohats.ca>,
Paul Wouters  <paul@nohats.ca> wrote:
>Put the RR at each NS name, e.g. _encdns.ns0.nohats.ca.

Same problem: the server may offer different features in different zones.

I'm not seeing a workable alternative to EDNS0 here.  I realize there's no way
to sign them, but perhaps we can address that by merging this discussion with
the one about authenticated DoWhatever.

-- 
Regards,
John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly
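The following is an added illustration of the EDNS0 approach discussed in this message; it is not code from John Levine or anyone else in the thread. It builds and parses an OPT pseudo-RR (RFC 6891 wire format) carrying a capability list in an option, and models the point made above: because the OPT RR travels in the response to a query for a particular zone, the same server name can advertise a different capability set per zone, which a single RR hung off the NS name cannot express. The option code 65001 (from the local/experimental range RFC 6891 reserves) and the comma-separated capability encoding are assumptions for the example, not a registered option; the zone names and capability sets are constructed. The parser rejects truncated or malformed option data rather than trusting lengths from the wire. Note that, as the message says, the OPT RR is a pseudo-RR and is not covered by DNSSEC signatures, so a resolver cannot authenticate what it learns this way.

```python
import struct

OPT_TYPE = 41  # EDNS0 OPT pseudo-RR type (RFC 6891)
# Hypothetical capability option code taken from the local/experimental range
# 65001-65534 reserved by RFC 6891; NOT a registered EDNS option.
CAP_OPTION_CODE = 65001
EDNS_UDP_SIZE = 1232

# Constructed example: one server name serving two zones with different
# capability sets, which is the case a per-NS-name RR cannot distinguish.
ZONE_CAPS = {
    "a.example.": {"dot"},
    "b.example.": {"dot", "doh"},
}


def build_opt_rr(udp_payload_size, options, do_bit=False):
    """Serialize an OPT RR: root owner name, TYPE=41, CLASS=UDP payload size,
    TTL = ext-RCODE(8) | version(8) | DO(1) | Z(15), then RDATA of options."""
    rdata = b"".join(struct.pack("!HH", code, len(data)) + data for code, data in options)
    ttl = 0x8000 if do_bit else 0  # ext-RCODE 0, version 0, DO flag is bit 15
    return b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_payload_size, ttl, len(rdata)) + rdata


def parse_opt_rr(buf):
    """Parse an OPT RR from the start of buf, validating every length field
    against the bytes actually present before using it."""
    if buf[:1] != b"\x00":
        raise ValueError("OPT RR owner name must be the root")
    if len(buf) < 11:
        raise ValueError("truncated OPT RR header")
    rtype, payload, ttl, rdlen = struct.unpack("!HHIH", buf[1:11])
    if rtype != OPT_TYPE:
        raise ValueError("not an OPT RR")
    rdata = buf[11:11 + rdlen]
    if len(rdata) != rdlen:
        raise ValueError("RDLENGTH exceeds available bytes")
    options = []
    pos = 0
    while pos < rdlen:
        if pos + 4 > rdlen:
            raise ValueError("truncated option header")
        code, olen = struct.unpack("!HH", rdata[pos:pos + 4])
        pos += 4
        if pos + olen > rdlen:
            raise ValueError("option length exceeds RDATA")
        options.append((code, rdata[pos:pos + olen]))
        pos += olen
    return {
        "udp_payload_size": payload,
        "ext_rcode": ttl >> 24,
        "version": (ttl >> 16) & 0xFF,
        "do": bool(ttl & 0x8000),
        "options": options,
    }


def capabilities_from_opt(buf):
    """Return the set of capability names carried in the hypothetical option,
    or an empty set if the option is absent."""
    caps = set()
    for code, data in parse_opt_rr(buf)["options"]:
        if code == CAP_OPTION_CODE and data:
            caps.update(data.decode("ascii").split(","))
    return caps


def opt_for_zone(zone):
    """What the server would attach to a response for `zone`: the capability
    set is chosen per zone, not per server name."""
    encoded = ",".join(sorted(ZONE_CAPS[zone])).encode("ascii")
    return build_opt_rr(EDNS_UDP_SIZE, [(CAP_OPTION_CODE, encoded)], do_bit=True)


if __name__ == "__main__":
    for zone in ZONE_CAPS:
        print(zone, sorted(capabilities_from_opt(opt_for_zone(zone))))
```

Running the block prints a different capability list for each zone even though both are served from the same (constructed) server name.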